nmap vulnerability assessment

nmap is easy to use for simple simple vulnerability assessment. For example, checking port 445 for preventing SMB attacks from WannaCry:

nmap -PN 192.0.0/24 -p 445 | grep -B 4 "tcp open"
-PN: Treat all hosts as online -- skip host discovery

Linux container socket issue

Container running on Linux such as OpenVZ may encounter socket error issue when the application heavily utilize network socket I/O, very frequent or persistent. For example, Real Time automation for TV operations. Thus, such application may better run on physical machine or a full virtualization, such as KVM instead.

Wana Decrypt0r 2.0 Ransomware

REF: https://community.sophos.com/kb/en-us/126733

What to do

Please ensure all of your Windows environments have been updated as described in Microsoft Security Bulletin MS17-010 - Critical. Microsoft is providing Customer Guidance for WannaCrypt attacks

Microsoft has made the decision to make the Security Update for platforms in custom support only, Windows XP, Windows 8, and Windows Server 2003, broadly available for download:

Windows Server 2003 SP2 x64	Windows Server 2003 SP2 x86
Windows 8 x64	Windows 8 x86
Windows XP SP2 x64	Windows XP SP3 x86	Windows XP Embedded SP3 x86

Applying the Microsoft patches MS17-010 should be enough to protect against the EternalBlue Exploit that enabled the rapid spread of the Wanna ransomware attack. Microsoft and others are advising that customers should consider blocking legacy protocols on their networks in particular SMBv1 as an additional defense-in-depth strategy to further protect against attacks.

Customers considering disabling SMBv1 should proceed with caution since this could cause software and other services that depend on SMB to stop functioning correctly. In particular,  please see the following article for information regarding disabling SMBv1 for Sophos products: What to do if you decide to disable SMBv1 as a response to Wanna ransomware

The Wanna malware variants that we have seen include a lookup to a URL. If the malware gets a response, the attack stops. This has been described in some media reports as a “kill switch”. The domain for the URL was registered and activated by an independent malware analyst intending to track the malware, meaning that if current variants of the ransomware can reach the URL the attack would stop.

As a result, the National Cyber Security Centre (NCSC) provide this advice: Finding the kill switch to stop the spread of ransomware. NCSC recommends the following domains be whitelisted in your environment:

• www[.]iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea[.]com
• www[.]ifferfsodp9ifjaposdfjhgosurijfaewrwergwea[.]com

Antivirus scans for WannaCry

SHA256:	24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c
File name:	24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c.exe
Detection ratio:	51 / 59
Analysis date:	2017-05-26 05:07:28 UTC ( 21 hours, 57 minutes ago )

REF: https://virustotal.com/en/file/24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c/analysis/

RFC 2196

Abstract

   This handbook is a guide to developing computer security policies and
   procedures for sites that have systems on the Internet.  The purpose
   of this handbook is to provide practical guidance to administrators
   trying to secure their information and services.  The subjects
   covered include policy content and formation, a broad range of
   technical system and network security topics, and security incident
   response.

REF: https://www.rfc-editor.org/rfc/rfc2196.txt

Digi-Cloud Alliance

• validated solutions
• modular building blocks
• future looking of composable infrastructure, via API orchestration
• ex Azure IaaS not profitable, but PaaS, IoT ok
• cloud 1.0 : vendor, tech driven; 2.0: user, solution driven
• IoT gateway for data transmission

Edge computing

From wiki: 

Edge computing is a method of optimising cloud computing systems by performing data processing at the edge of the network, near the source of the data. This reduces the communications bandwidth needed between sensors and the central datecentre by performing analytics and knowledge generation at or near the source of the data. This approach requires leveraging resources that may not be continuously connected to a network such as laptops, smartphones, tablets and sensors.^[1] Edge Computing covers a wide range of technologies including wireless sensor networks, mobile data acquisition, mobile signature analysis, cooperative distributed peer-to-peer ad hoc networking and processing also classifiable as local cloud/fog computing and grid/mesh computing, dew computing,^[2] mobile edge computing,^[3][4] cloudlet, distributed data storage and retrieval, autonomic self-healing networks, remote cloud services, augmented reality, and more.^[5]

REF: https://en.wikipedia.org/wiki/Edge_computing

2017 SAP Forum Taipei

• digital supply chain connected to everything
• changing and reinventing
• real-time BI decision
• if you can't measure it, you can't improve it.
• enterprise level data warehouse
• design thinking
• system for log, for engagement, for innovation
• people, thing, business
• reinvent, reimagine, and four other R
• SAP edge computing filtered then send to cloud, IoT foundation
• Digital Twin 
• predictive maintenance management

data for deep learning

deep learning actually requires lots of data for training. otherwise won't work.

Conficker, MS08-067

Spread of WannaCry today is similar to Conficker ten years ago...

About Conficker

On October 23, 2008, Microsoft released a critical security update, MS08-067, to resolve a vulnerability in the Server service of Windows that, at the time of release, was facing targeted, limited attack. The vulnerability could allow an anonymous attacker to successfully take full control of a vulnerable system through a network-based attack, the sort of vectors typically associated with network "worms." Since the release of MS08-067, the Microsoft Malware Protection Center (MMPC) has identified the following variants of Win32/Conficker:

• Worm:Win32/Conficker.A: identified by the MMPC on November 21, 2008
• Worm:Win32/Conficker.B: identified by the MMPC on December 29, 2008
• Worm:Win32/Conficker.C: identified by the MMPC on February 20, 2009*
• Worm:Win32/Conficker.D: identified by the MMPC on March 4, 2009**
• Worm:Win32/Conficker.E: identified by the MMPC on April 8, 2009

	*Also known as Conficker B++
	**Also known as Conficker.C and Downadup.C

REF: https://technet.microsoft.com/en-us/security/dd452420.aspx

Baculum, web UI for Bacula

web UI is available at demo site.



REF: http://blog.bacula.org/baculum-official-rpm-and-deb-package-repositories/